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« The MAILING DATE of this communication appears on the cover sheet with the correspondence address - 
Period for Reply 

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 

- Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )I3 Responsive to communication(s) filed on 01 November 2001 . 
2a)D This action is FINAL. 2b)S This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 
Disposition of Claims 

4) [3 Claim(s) 2-21 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) H Claim(s) 2-21 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) 13 The drawing(s) filed on 16 October 2001 is/are: a)E3 accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 

11) D The proposed drawing correction filed on is: a)D approved b)D disapproved by the Examiner. 

If approved, corrected drawings are required in reply to this Office action. 

12) D The oath or declaration is objected to by the Examiner. 
Priority under 35 U.S.C. §§119 and 120 

13) D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 

a)D All b)D Some*c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 

14) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. § 1 19(e) (to a provisional application). 

a) □ The translation of the foreign language provisional application has been received. 

15) D Acknowledgment is made of a claim for domestic priority under 35 U.S.C. §§ 120 and/or 121 . 

Attachment(s) 

1) 13 Notice of References Cited (PTO-892) 4)D Interview Summary (PTO-4 13) Paper No(s). . 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) 5) □ Notice of Informal Patent Application (PTO-1 52) 

3) M Information Disclosure Statement(s) (PTO-1449) Paper No(s) 3 . 6) □ Other: 
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DETAILED ACTION 
Claim Rejections - 35 USC § 103 

1. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for 
all obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

2. Claims 2-5, 7-10, 12-15 and 16-20 are rejected under 35 U.S.C. 103(a) as 
being unpatentable over Kung (U.S. Patent No. 5.434.918) in view of McAuliffe 
(U.S. Patent No. 5.838.790). 

3. Referring to the instant claims Kung discloses a method for providing 
mutual authentication of a user and a server on a network (see abstract and 
Fig.1). 

Kung teaches a mutual authentication method for use in authenticating a user 
that operates a client workstation that is coupled to a file server workstation 
having a password file comprising a password known to the user (see Fig. 1 and 
column 1 , lines 47-50). Kung teaches that the method comprises the 
following steps: A logon ID is transmitted from the client workstation to the server 
workstation. The stored user password corresponding to the user ID is retrieved 
using the transmitted logon ID is retrieved from the password file. A random 
number is created that is encrypted by a symmetric encryption algorithm on the 
server workstation using the retrieved user password, and which provides an 
encrypted password. The user is then requested to enter the password into the 
user workstation. The entered password is used to decrypt the encrypted 
password received from the server workstation and retrieve the random number 
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therefrom to authenticate the server workstation. The random number is then 
used as the encryption and decryption key for communication between the user 
and server workstations. An encrypted message is transmitted using the random 
number from the client workstation to the server workstation. The encrypted 
message is decrypted at the server workstation to authenticate the user (see 
column 1, lines 53-68). 

4. Referring to claims 2, 5, 8, 12,15, 18 and 20 the limitation 
" generating a server authentication request at the client; 

transmitting the server authentication request to the server " 
is met by a logon ID transmitted from the client workstation to the server 
workstation (see Fig. 2. block 31). The limitation "...receiving an encrypted server 
authentication response from the server..." is met by encrypted password 
received from the server workstation (see Fig. 2, block 35). The limitation 
"...decrypting the server authentication response..." is met by password entered 
by the user at workstation (1 1 in Fig.1), which is used to decrypt the encrypted 
password received from the server workstation (see Fig.2, block 35). 
Kung, however, does not explicitly teach disabling client functions if the 
server is not authorized to provide resource to the client. 

5. Referring to the instant claims, McAuliffe discloses an advertisement 
authentication system in which advertisements are downloaded for off-line 
display (see abstract and Fig. 1 A). McAuliffe shows a client computer connected 
to the server computers over the network (see units 2 and 20, 22, 24, 25, 27 in 
Fig. 1 A). McAuliffe teaches advertisement authentication system capable 

of detecting various forms of advertisement and statistics file 
tampering. McAuliffe teaches that client software disabling are instituted 
after multiple incidents of "tampering" are detected within a short time period (see 
column 1 1 , lines 9-12). Therefore, at the time the invention was made, it would 
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have been obvious to one of ordinary skill in the art to modify the system for 
authentication of a user and a server on a network of Kung by disable client 
functions in case of detection of tempering (i.e. negative result of authentication) 
as taught in McAuliffe. One of ordinary skill in the art would have been motivated 
to disable client functions in case of a negative result of authentication as taught 
in McAuliffe for making sure that the advertisements are properly displayed at a 
remote computer (see McAuliffe, abstract). 

6. Referring to claim 4, 8, 9,14, 18 and 19 the limitations "disable one or more 
functions until after a grace period" and " after an allotted period of time..." is met 
by disabling client functions after a number of incidents of "tampering" in a time 
period (see McAuliffe, column 11, lines 9 -12). 

7. Referring to claims 5 and 10, McAuliffe shows the client authenticating the 
downloads from multiple servers (see units 2 and 20, 22, 24, 25, 27 in Fig. 1 A). 

8. Referring to claim 7 and 17, Kung teaches that a random number is 
created that is encrypted by a symmetric encryption algorithm on the server 
workstation using the retrieved user password, and which provides an encrypted 
password (column 1, lines 53-68). 



9. Claims 6, 11, 16 and 21 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Kung (U.S. Patent No. 5.434.918) in view of McAuliffe (U.S. 
Patent No.5.838.790) and further in view Guthrie (U.S. Patent No. 6.161 .185). 

10. Referring to the instant claims, Kung and McAuliffe teach disabling client 
functions when server authentication response fails to indicate that server is 
authorized to provide resources. Kung and McAuliffe, however, do not explicitly 
teach determining when a subsequent authentication response should occur 
based on expiration information. 

1 1 . Referring to the instant claims, Guthrie discloses personal 
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authentication system and method for multiple computer platform (see abstract). 
Guthrie shows a client-server system (see Figs. 1A and 1B). Guthrie teaches 
determining weather authentication request had been made during the 
expiration notification time (see column 9, lines 40-55). Therefore, at the time the 
invention was made, it would have been obvious to one of ordinary skill in the art 
to have a server authentication response of Kung and McAuIiffe 
comprising expiration information and to determine weather authentication 
response had occurred as taught in Guthrie. One of ordinary skill in the art would 
have been motivated to have a server authentication response of Kung and 
McAuIiffe comprising expiration information and to determine weather 
authentication response had occurred as taught in Guthrie for allowing a user 
to attempt to authenticate himself for a configurable number of 
allowances after his password expiration time value has passed (see 
Guthrie column 9, lines 50-55). 



Conclusion 

12. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure: 

U.S. Patent No. 5.958.004 to Helland et al 

U.S. Patent No. 6.049.832 to Brim et al 

Any inquiry concerning this communication or earlier communications from 
the examiner should be directed to Grigory Gurshman whose telephone number 
is (703) 306-2900. The examiner can normally be reached on 9 AM-5:30 PM. 
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If attempts to reach the examiner by telephone are unsuccessful, the 
examiner's supervisor, Gilberto Barron can be reached on (703) 305-1830. The 
fax phone number for the organization where this application or proceeding is 
assigned is (703) 872-9306. 

Any inquiry of a general nature or relating to the status of this application 
or proceeding should be directed to the receptionist whose telephone number is 
(703) 305-3900. 




Grigory Gurshman 

Examiner 

Art Unit 2132 



December 10, 2003 
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TECHNOLOGY CENTER 2100 



